Announcing Encryption at Rest for Cloud Servers

I’m pleased to announce that our Cloud Servers now support encryption at rest! When enabled, all data written to the local virtual disk attached to your cloud server is transparently encrypted and decrypted on the fly. Your unencrypted data never touches the physical storage devices on the host.

Our data centres have strict physical security policies, we securely wipe your cloud server disks when you delete them, and physical storage devices are securely disposed of when decommissioned. But some security standards and regulations have blanket requirements for encryption at rest, so we’re making it easy for you to meet those obligations. You don’t need to install any tools, write any config files or manage any keys. Just enable it when you create a server and you’re done.

We store keys securely in physical TPM crypto-devices on each host. Encryption uses AES-256 and is hardware accelerated for performance. You can snapshot encrypted Cloud Servers just like any other; the snapshots are encrypted in transit and stored in Orbit, our object storage service, which encrypts all data at rest.

